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ABSTRACT OF THE DISCLOSURE 

Dynamic Quality of Service (QoS) treatment of data 
traffic within a secure Virtual Private Network (VPN) 
tunnel is provided by attaching a QoS marker to data 
traffic at an ingress end of the VPN tunnel. The QoS 
marker, which may be a DSCP value, is obtained by querying 
a policy database. The policy database returns QoS 
information, such as a DSCP value and/or a set of Tspec and 
Rspec parameters, from which the QoS marker is derived. 
The policy data base can be queried by a VPN Gateway at an 
ingress end of the tunnel during tunnel setup, and/or at 
any time following tunnel setup to obtain updated QoS 
information. This updated QoS information is then 
propagated through the VPN tunnel to a VPN gateway at the 
opposite end of the VPN Tunnel, so that it can be used for 
egress processing of the tunnel traffic. Because the 
updated QoS information is exchanged between the VPN 
gateways supporting the VPN tunnel within the existing 
tunnel Security Association, the VPN gateways are able to 
utilize the updated QoS information for processing VPN 
traffic without renegotiating the Security Association. As 
a result, dissolution and re-establishment of the tunnel is 
not required in order to change the QoS treatment of tunnel 
traffic. The QoS information within the policy database 
can be updated by either a subscriber or a network service 
provider, independently of operation of the VPN tunnel. 


